sap pmk
To manually configure the Cisco TrustSec Security Association Protocol (SAP) pairwise master key (PMK),
use the sap pmk command. To remove the SAP configuration, use the no form of this command.
sap pmk [key| [left-zero-padded] [display encrypt]| encrypted {encrypted_pmk| use-dot1x} [modelist
{gcm-encrypt| gmac| no-encap| null}]]
no sap
Syntax Description
Key value. This is a hexadecimal string with an even
number of characters. The maximum length is 32
characters.
key
(Optional) Pads zeros to the left of the entered string
if the PMK length is less than 32 bytes.
left-zero-padded
(Optional) Specifies that the configured PMK be
displayed in AES-encrypted format in the running
configuration.
display encrypt
Specifies an encrypted PMK string of 64 bytes (128
hexadecimal characters).
encrypted encrypted_pmk
Specifies that the peer device does not support Cisco
TrustSec 802.1X authentication or authorization but
does support SAP data path encryption and
authentication.
use-dot1x
(Optional) Specifies the SAP operation mode.modelist
Specifies Galois/Counter Mode (GCM) encryption
and authentication mode.
gcm-encrypt
Specifies GCM authentication mode.gmac
Specifies no encapsulation and no security group tag
(SGT) insertion.
no-encap
Specifies the encapsulation of the SGT without
authentication or encryption.
null
Command Default
gcm-encrypt
Command Modes
Cisco TrustSec manual configuration
Cisco Nexus 7000 Series Security Command Reference
644
S Commands
sap pmk
To Next Page
Loading...
